+---------------------------------------------------------------------+
|  LinuxSecurity.com                          Weekly Newsletter       |
|  October 8th, 2001                          Volume 2, Number 40n    |
|                                                                     |
|  Editorial Team:  Dave Wreski               daveat_private          |
|                   Benjamin Thomas           benat_private           |
+---------------------------------------------------------------------+

Thank you for reading the LinuxSecurity.com weekly security newsletter.
The purpose of this document is to provide our readers with a quick
summary of each week's most relevant Linux security headlines.

This week, perhaps the most interesting articles include "Analyzing
your internet applications' log files," "BSD security fundamentals,"
and "A Beginner's Introduction to Network Security." Also this week,
SANS released an updated security list. The 'top 10' security list has
now become 'top 20.'

This week, the only vendor to release advisories was Conectiva. The
advisories are for mod_auth_pgsql and groff.

Webmasters, if you would like to have a dynamic Linux advisory feed on
your website we encourage you to take advantage of our RDF file.

http://www.linuxsecurity.com/articles/forums_article-3795.html

* Don't Risk your network installing an insecure OS *
EnGarde was designed from the ground up as a secure solution, starting
with the principle of least privilege, and carrying it through every
aspect of its implementation.
* http://www.engardelinux.org

Take advantage of our Linux Security discussion list! This mailing
list is for general security-related questions and comments. To
subscribe send an e-mail to security-discuss-requestat_private with
"subscribe" as the subject.

+---------------------+
| Host Security News: | <<-----[ Articles This Week ]-------------
+---------------------+

* Linux system administration - A user's guide
October 5th, 2001

System administration is an area everyone has to deal with, at some
point of their IT career or in personal affairs. Even the most
computer illiterate people do it, aware of it or not.
It is a necessity, a must you can say. For who else can be in touch
with your desires and needs, and have the access to your system other
than yourself?

http://www.linuxsecurity.com/articles/documentation_article-3797.html

* BSD security fundamentals
October 5th, 2001

Subterrian.net has a copy of the presentation delivered by Sean Lewis
at ToorCon 2001, held last weekend in San Diego, Calif. Lewis discusses
essential BSD security issues, working well as a primer for new and
experienced users alike. Read all about encrypted communication,
filesystem lockdowns, kernel securelevels, services, ftpd, Apache, and
security auditing.

http://www.linuxsecurity.com/articles/server_security_article-3801.html

* Analyzing your internet applications' log files
October 2nd, 2001

This article is the first in a series about using lire to analyze log
files of internet server applications. This is not limited to one
service, e.g. Apache, but is an integrated analyzer for many different
services. Included are DNS, WWW and email. This article explains how
to get started with lire. It discusses installation and configuration
to generate reports.

http://www.linuxsecurity.com/articles/host_security_article-3774.html

+------------------------+
| Network Security News: |
+------------------------+

* Information Warfare: When Intrusion Detection Isn't Enough
October 5th, 2001

September 11, 2001... that date will be engraved upon the memories of
most Americans for many years to come. That is the date when
Terrorists brought their battle to the U.S. soil. One week later, the
Internet came under attack by the Nimda worm. Many claimed this was an
act of Information Warfare.

http://www.linuxsecurity.com/articles/intrusion_detection_article-3800.html

* Companies Stress Network Security
October 4th, 2001

Corporations and government agencies have long viewed security of
computer networks as an optional cost. No more. In the era of
cyberterrorism, it is critical. "Network security used to be a
necessary evil, but now it's a core value of companies," says CEO
Peggy Weigle of Internet security firm Sanctum.

http://www.linuxsecurity.com/articles/general_article-3790.html

* A Beginner's Introduction to Network Security
October 3rd, 2001

Lately, the word "security" has been tossed around a lot in the news,
IRC channels and elsewhere in the community. It seems that there's no
end to viruses and script kiddies out there just waiting to get
through the security on your network and damage something, or use your
network to help with the latest denial-of-service attack.

http://www.linuxsecurity.com/articles/network_security_article-3784.html

* SANS Top 10 Security List Becomes Top 20
October 2nd, 2001

The FBI and the SANS Institute today released a list of the 20 top
vulnerabilities of Internet-connected systems and urged companies to
close dangerous holes while warning again of virulent cyberattacks to
come.

http://www.linuxsecurity.com/articles/security_sources_article-3781.html

* Full Disclosure: How Much Security Info Is Too Much?
October 1st, 2001

In publicizing the details of how a given security hole is exploited,
are virus fighters simply providing aid and comfort to the enemy? The
debate over how much detail to release on software security gaps and
when to go public with potentially sensitive security information has
experts looking for a middle ground, wherein systems can be secured
without helping hackers.

http://www.linuxsecurity.com/articles/general_article-3771.html

+------------------------+
| Cryptography News:     |
+------------------------+

* Zimmermann defends strong crypto against govt assault
October 4th, 2001

Strong cryptography does more good for society than harm and placing
backdoors in encryption products to allow law enforcement access to
plain text messages would be "worse than futile", encryption guru Phil
Zimmermann told The Register today.

http://www.linuxsecurity.com/articles/cryptography_article-3791.html

* Security, biometrics research likely to get more attention
October 2nd, 2001

Government research on computer security and identification
technologies will likely receive greater attention in the aftermath of
the Sept. 11 terror attacks against the United States, according to
the chairman of the House Science Committee.

http://www.linuxsecurity.com/articles/cryptography_article-3775.html

* Encryption Debate Revived
October 2nd, 2001

Revived efforts to restrict software encryption in the wake of the
recent terrorist attacks could have an adverse impact on e-commerce,
IT managers and security experts say, but it's unlikely the government
will succeed in curtailing encryption.

http://www.linuxsecurity.com/articles/cryptography_article-3779.html

* Three Minutes With Security Expert Bruce Schneier
October 1st, 2001

Bruce Schneier is founder and chief technology officer of Internet
security firm Counterpane. He has written two books on cryptography
and computer security, Secrets and Lies and Applied Cryptography, and
is an outspoken critic of Microsoft and other software vendors that
produce products that contain dangerous security holes.

http://www.linuxsecurity.com/articles/general_article-3763.html

+------------------------+
|Vendors/Tools/Products: |
+------------------------+

* Customers Proactive About Security Spending
October 4th, 2001

Growing concerns about cyberterrorism and the spread of computer
viruses are causing more businesses to become proactive about security
spending, solution providers believe. Solutions involving firewall
protection, intrusion detection, vulnerability assessment and
anti-hacking technology are all moving to the forefront, as customers
beef up their security awareness.

http://www.linuxsecurity.com/articles/general_article-3792.html

+------------------------+
| General News:          |
+------------------------+

* Net users lose a secret-alias tool
October 5th, 2001

The company that pushed encryption and networking technology to the
limits to enhance people's privacy said Thursday that it has decided
to close its flagship anonymity network and focus on security software
for home users.

http://www.linuxsecurity.com/articles/privacy_article-3798.html

* comp.os.linux.security FAQ Updated
October 4th, 2001

Daniel Swan sent us a note indicating he's updated the c.o.l.s FAQ and
it's indeed much improved! Would you like to contribute? Send us a
note and share your experiences. The FAQ covers "Specifically,
security as it pertains to the Linux operating system.

http://www.linuxsecurity.com/articles/documentation_article-3794.html

* Carnivore substitute keeps Feds honest
October 2nd, 2001

The Forensics Explorers division of CTX is ready to go to market with
a Carnivore-like suite called NetWitness which, the company says, can
enable ISPs to surrender to the Feds only those specific bits of
information about a suspect which a court has authorized for
collection.

http://www.linuxsecurity.com/articles/government_article-3780.html

* The Black Hat Briefings Amsterdam 2001
October 2nd, 2001

Every year leaders in the security field are brought together to this
conference to discuss the latest threats, trends, products, and
influences in the Internet and security environment. Don't miss it.
This year's topics include: Routing Protocol Attacks, Mobile Security:
SMS and WAP, One-Way SQL Hacking, eBooks Security - Theory and
Practice: Part II, Hackproofing Lotus Domino, Protecting your IP
Network Infrastructure, RFP.Labs vs. Webservers: Finding Problems.

http://www.linuxsecurity.com/articles/organizations_events_article-3773.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.
LinuxSecurity.com

To unsubscribe email newsletter-requestat_private
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.